If you’ve got an iPhone, iPad or a Mac, you’re definitely going to want to download and install the updates that Apple released today, because they fix bugs that will otherwise leave you vulnerable to security threats.
As the Sophos Naked Security blog reports, the iOS bug lets free Wi-Fi networks steal your information when you log in. Basically, when you join a Wi-Fi hotspot, your iPhone or iPad takes you to a login page, known as a captive portal. You sign in with an account or agree to the terms and conditions to deactivate the captive portal and get onto the Internet.
The security researchers from Skycure, who found the bug, said that iOS would then inappropriately share your web cookies from Safari with the captive portal and allow the portal to install other cookies onto your phone. Why does it matter? The portal could steal your authentication credentials to access your accounts or even secretly log you in as someone else. Skycure says they alerted Apple to the issue on June 3, 2013 and they have only gotten around to fixing it now. And that’s certainly not ideal.
In order to install iOS 9.2.1, go to Settings, General, then Software Update. Make sure your phone is at least 50 percent changed or connected to a power source.
The Mac update fixes a similar issue. The official update information says the bug allowed “a local user to be able to execute arbitrary code with kernel privileges.” In non-tech jargon, that means that if malware or other malicious code gained access to your computer, it could also do anything it wanted to your computer without ever having to ask for a password.
If you haven’t set up automatic updates for your computer, open the App Store, then click on “Updates.” Then you can update your operating system and any other apps. To turn on automatic updates, go to System Preferences then App Store and check the proper boxes to allow your computer to do take the hard work for you.
Check out our other tips for protecting yourself while using public Wi-fi networks. And don’t forget to make sure your passwords aren’t exposing you to prying eyes.
[Update via Shutterstock]